Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Windows Security
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
Light Patch Tuesday, But New Security Advisories Emerge

Light Patch Tuesday, But New Security Advisories Emerge
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Besides the seven bulletins, Microsoft is publishing several security advisories. In October, KB2661254 is being switched to automatic download and will start enforcing a minimum of 1024-bit key length for certificates. Key lengths of under 1024 bits are forge-able and certificate authorities have stopped producing such certificates.
 


Microsoft on Tuesday issued seven bulletins to patch 20 vulnerabilities. Only one patch is critical. The rest are important. But despite the light cycle, IT admins can expect more Microsoft-related work in October.

Andrew Storms, director of security operations for nCircle, said Microsoft is re-releasing a number of patches this month -- in addition to the seven bulletins released as part of the regular patch Tuesday schedule and Monday's Adobe Flash update distributed to Windows 8 users via Windows Update.

Patch Re-Release

"These patches were released earlier this year and have to be re-released due to clerical error with the code signing process at release time. We're also seeing a re-release of an XML Core Services for Windows 8 users, a preventative measure to protect users against potential malicious use of MSXML," Storms told us.

As Storms sees it, the good news is that IT admins don't have to patch Internet Explorer this month since routine fixes were bundled into last month's out-of-band update and, with one exception, the other fixes are fairly tame.

"The RTF bug in Microsoft Word warrants special attention since users can be exploited simply by previewing a malicious RTF file in Outlook," Storms said. "Security teams should prioritize, distribute and install this fix as soon as possible."

Patch this First

We also asked Wolfgang Kandek, CTO of Qualys, for his insights into Microsoft's monthly release. He told us the "critical" bulletin fixes two vulnerabilities in Microsoft Word and applies to all versions of Microsoft Office.

"It addresses a vulnerability that can be exploited via a malicious RTF formatted e-mail through the Outlook Preview pane without having to open the e-mail," Kandek said. "Since the development complexity of an attack against this vulnerability is low, we believe this vulnerability will be the first to have an exploit developed and recommend applying the MS12-064 update as quickly as possible."

New Security Advisories

Besides the seven bulletins, Microsoft is publishing several security advisories. In October, KB2661254 is being switched to automatic download and will start enforcing a minimum of 1024-bit key length for certificates. Key lengths of under 1024 bits are forge-able and certificate authorities have stopped producing such certificates for several years now, he said.

"KB2749655 is a new advisory and explains a problem in Microsoft's code-signing infrastructure. During the three months in the summer of 2012, a number of binary files in Microsoft Security Bulletins were signed in a flawed way that will lead to their loss of validity, causing them to stop working in January 2013," Kandek said.

"To solve the problem, Microsoft will publish new versions of the affected bulletins, and organizations will need to reinstall the affected updates. This month the updated packages are MS12-053, MS12-054, MS12-055 and MS12-058."
 

Tell Us What You Think
Comment:

Name:

Jamos:

Posted: 2012-10-11 @ 7:22am PT
This patch breaks ICS.



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Windows Security
1.   Microsoft Patch Tuesday Stars IE
2.   Kaspersky Looks Inside 'Epic' Attack
3.   MS Plans Final Windows 8.1 Tweak
4.   Barracuda Secures Microsoft Azure
5.   Windows 7 Ends Mainstream Support


advertisement
Kaspersky Looks Inside 'Epic' Attack
Ongoing cyber-espionage analyzed.
Average Rating:
Microsoft Patch Tuesday Stars IE
Biz should focus on browser bulletin.
Average Rating:
MS Plans Final Windows 8.1 Tweak
Focus shifts to upcoming Windows 9.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Cost of Target Data Breach: $148 Million
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 

Enterprise Hardware Spotlight
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 

Mobile Technology Spotlight
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.